Cybercriminals in Uttar Pradesh allegedly used a school-owner couple from Rura, Kanpur Dehat, as mule account holders after luring them with a promised 30 percent commission on a fake political fund transfer. Investigators say the fraudsters installed a malicious APK file on the couple’s phones, seized control of their bank accounts and SIM cards, and routed nearly ₹1.09 crore through multiple accounts. Four people have been arrested, while the alleged mastermind, Noman Farooqui, remains absconding along with several associates.
The case surfaced only after the couple approached the Cyber Crime Police Station upon receiving a notice from Bengaluru Police, which stated that 29 separate cyber fraud complaints had been registered against their educational institution’s bank accounts on the National Cyber Crime Reporting Portal.
During questioning, the couple said they were introduced to Farooqui through an acquaintance in March 2026. He allegedly told them ₹5 crore in “political funds” would be routed through their accounts, promising a 30 percent commission while the remaining 70 percent would be returned. Investigators say the couple was specifically targeted because their accounts carried a high transaction limit, a detail that made them useful conduits for large-value fraud.
The accused allegedly summoned the couple to a hotel in Lucknow, where they were instructed to install an APK file on their phones. The fraudsters also took physical possession of the SIM cards linked to the couple’s bank accounts, a combination investigators believe gave them complete control over both the devices and the associated banking services.
The couple was then taken to Siliguri, West Bengal, and kept in hotels for several days while multiple transactions moved through their ICICI Bank and Bandhan Bank accounts. Roughly ₹1.09 crore passed through those accounts before being transferred onward to other accounts believed to be part of the same cyber fraud network.
Using technical surveillance and mobile tracking, police arrested Abi Waqas and Mangal Singh in Lucknow, and their disclosures led to the subsequent arrests of Brijendra Yadav and Rahul Sharma. Investigators seized six mobile phones, six cheque books, four bank passbooks, four ATM cards, a tax invoice book, letterheads, a car and seals belonging to various firms during the operation.
Preliminary findings indicate the network spanned Uttar Pradesh, Siliguri, Kolkata and several other locations, with police still working to trace and arrest Farooqui and the remaining members of the syndicate.
This is not an isolated case for the city’s cyber cell. Kanpur police have dismantled several mule account rings in recent months, including a network that opened 25 accounts in six months and sold them to fraudsters for roughly ₹7,000 each, and another involving a Delhi-based handler who supplied mule accounts linked to complaints from victims across 13 states. Just weeks earlier, Kanpur police had also filed a chargesheet in a separate ₹58 crore cyber fraud case built on the same mule account model.
What distinguishes the school couple’s case is the deliberate targeting of high-limit, professionally credible accounts rather than accounts opened purely for the purpose of fraud, a shift that makes detection considerably harder since the account holders themselves have clean financial histories until the fraud is already underway.
Prof. Triveni Singh, the former IPS officer and cybercrime specialist, said mule accounts have become one of the most critical components of organised cybercrime, with criminals routinely luring individuals through promises of high commissions, political funding or investment opportunities to gain access to their bank accounts and devices. He advised the public never to share bank account access, mobile phones, SIM cards or internet banking credentials with anyone, and to avoid installing APK files from unknown or unverified sources, since doing so can hand criminals complete control over both the device and the victim’s financial accounts.
